3. Continuous improvement
Does your internal audit system truly drive continuous improvement?
Why the number one objective for any business must always be continual improvement of the internal audit programme.
We all know that the purpose of the internal audit programme is to drive continuous improvement, through:
- Identifying failures, so that they can be corrected before a problem occurs.
- Trending problems, to proactively find gaps in systems, so that problems can be prevented.
- Assessment of the performance of the systems, so that the frequency of the audits can be focused where additional attention is needed.
Continuous improvement
Continuous improvement is the holy grail of positive safety and quality culture.
A business with a proactive culture will put a huge amount of effort into its internal audit programme, as it will appreciate the benefits it provides.
The benefits
An internal audit programme which is fully resourced and where non-conformances that arise from it are treated seriously and closed out so that they don’t reoccur, will:
- Attract high performing staff.
- Retain high performing staff, due to the good working environment.
- Reduce the risk of non conformances being raised at external audit.
- Be more efficient, as a culture of ‘right first time’ will dissolve into everything that they do every day.
- Reduce wastage of all resources, including materials, product and time.
This is why it’s critical that the internal audit programme is seen as the most important system within your business.
And that’s why, the number one objective for any business must always be continual improvement of the internal audit programme.
How to drive continuous improvement
So, let’s look at the ways in which you can build a business objective to drive continuous improvement of your internal audit programme.
- Focusing on quality, not quantity.
- Training auditors to be the most highly trained staff in the business.
- Seeing non conformances as a positive thing.
- Really closing out non conformances.
- Not fudging the risk assessment.
- Deep diving into the problem when reauditing.
Focusing on quality, not quantity
It’s true that you have to do a set number of audits each year, but simplifying them to make them quicker, will mean that you can focus on getting the fundamentals right first.
Once you’ve then got the fundamentals nailed, then you can expand the audits to make them more detailed.
This will allow you to build in detail and complexity as your systems improve, thereby ensuring that they continually improve.
Training auditors to be the most highly trained staff in the business
To enable staff to carry out audits, they need to be trained in internal auditing. This is the base line of training that’s needed.
However, to carry out an audit to a high standard, auditors not only need to know how to audit, but they need to be subject matter experts in the topic that they’re auditing.
External auditors are subject matter experts, and to enable your business to pick up non conformances before external auditors do, then your auditors need to be just as knowledgeable.
Therefore, your auditors need in-depth training in the topic that they’re going to audit.
Improving the knowledge of your auditors, will improve the quality of your audits and drive improvement.
Seeing non conformances as a positive thing
We all know that non conformances should be seen as a positive thing, but we’ve learnt that they generally come with negative consequences.
Getting a non conformance brings with it additional work to do (when its already busy) and your manager isn’t going to thank you for it.
But for an internal audit programme to really excel, you have to see non conformance as a good thing – as it allows you to resolve the problem and stop it from causing an external audit non conformance, a complaint or even a recall or withdrawal.
Changing this mindset isn’t’ easy though, so you have to have a metric to drive this change.
Generally, KPIs would measure how many non conformance a department gets – the target being to lower the number.
We would recommend changing these KPIs so that departments are measured on how many non-conformances they can verify as complete – the target being the higher the better.
If you really want to drive this, especially at the beginning to really get people to think differently, you could even set targets for departments to raise non conformances (like we already do for H&S near misses).
Really closing out non conformances
When the day job is busy, it’s hard to ensure that non conformances get the attention that they deserve. But in order to improve, a right first time attitude has to be applied. Each non conformance must be closed out effectively, and it must be verified to make sure that it’s robust.
Again, the principle of less is more is best here. It’s more important to close out less non conformances effectively, than close out more inadequately – as you’ll only have to redo them again in the future (which means doing twice the work).
This is where having an audit programme which covers the fundamentals first and then expands to become more detailed and complex, will help with workload.
It’s tempting to go for the best practice standard first, but if this creates so many non conformances that the departmental teams can’t cope with – it will fail before it even gets going.
It’s critical that you make sure that each non conformance is verified and sent back to the actioner if it’s not been completed effectively. This means that the verifier must be suitably trained to understand if the non conformance has been completed properly. Using your auditors to do this task is a good idea, as they’ll be the best placed to carry out the verification.
Not fudging the risk assessment
Let’s finish with a controversial point!
We all know that the risk assessment to determine frequency should assess the performance of the internal audit programme.
However, we all also know that in reality – the data that’s put into the risk assessment tends to be carefully ‘crafted’, so that the result that’s wanted is generated, or rather the result that can be coped with.
Developing a risk assessment process that really identifies where a topic isn’t performing and increases the frequency, based on factual data (that’s not manipulated) will drive improvement by making sure that the audits are focusing on the topics that need it.
Reaudits deep dive into the problem
If your risk assessment identifies that you need to do additional audits, we would recommend thinking about why you’re doing them.
There’s no point doing the same audit, just more often – as Albert Einstein said, “Insanity is doing the same thing over and over again and expecting different results.”
If you’ve got a risk assessment method which truly identifies where a topic has underperformed, and this has caused an increased frequency, then you should know why it failed.
Analyse the data that caused the increased frequency and identify what aspect of the system was underperforming. Then, conduct an in-depth audit of that aspect of the system so that you can resolve the thing that caused it to fail and prevent it from failing in the future.
audIT.app
If you’d like to drive continuous improvement within your internal audit programme, audIT.app is a must. It’s been developed by Techni-K as the ultimate continuous improvement tool. It meets the six objectives by:
- Focusing on quality, not quantity – 18 audits crafted by Techni-K to meet the standards that you work to.
- Training auditors to be the most highly trained staff in the business – we can support with training, and have our expertise at your disposal.
- Seeing non conformances as a positive thing – audit and GMP non conformances are not used in the risk assessment, exactly for this reason.
- Really closing out non conformances – audIT.app ensures that every non conformance goes through a robust verification process.
- Not fudging the risk assessment – non conformances from external audits, complaints and incidents are automatically tracked by audIT.app and assessed every month in real time.
- Deep diving into the problem when reauditing – within audIT.app any increased frequency audits are conducted so that they deep dive into the problem that’s been highlighted.
If you would like to use audIT.app as one of your culture objectives for your business and drive improvement in your audits, then get in touch.
Have your say…